Welcome back to Risky Business's roundup of the headlines in risk. Recent developments highlight a clear shift toward tighter supervisory focus on resilience and execution, particularly in the UK and Europe. Regulators are embedding climate, interest rate, and resolvability risks more firmly into core prudential frameworks while recalibrating capital regimes under Basel 3.1, increasing cross-border complexity for large banks. In the UK, the PRA and Bank of England are streamlining supervision but sharpening scrutiny on business model sustainability and risks beyond the banking perimeter, including shadow banking. For boards, the takeaway is straightforward: regulatory tone may sound more proportionate, but expectations on delivery, data quality, and credible risk management are rising
EBA consults on climate-focused changes to the Systemic Risk Buffer (SyRB) guidelines
EBA
The European Banking Authority launched a consultation to amend guidelines on sectoral exposures for the Systemic Risk Buffer to make climate risk more visible in macroprudential capital tools. Proposed changes aim to add granularity in identifying climate-related exposures and how they are treated across jurisdictions. The consultation runs through April with a public hearing scheduled for April 2026.
Why this matters
Embedding climate risk into macroprudential tools raises expectations for data, reporting, and capital planning across large banks. It may also lead to divergent national calibrations, complicating cross-border capital planning. For risk planners, this signals climate risk accruing real prudential weight, not just disclosure emphasis.
Bank of England/PRA publishes its 2026 supervisory priorities
PRA
The PRA set out its supervisory priorities for 2026, highlighting a streamlined supervisory process and more efficient focus on key risks. The document confirms a shift of some supervisory reviews (like Periodic Summary Meetings) onto a biennial cadence. It also emphasises proportionate risk identification and remediating material weaknesses across banks and building societies.
Why it matters
This shapes how UK regulators allocate their scrutiny and resources, affecting risk reporting and supervisory engagement across firms. Streamlining may reduce administrative burden but heighten focus on core risks like governance and capital adequacy. Banks should adjust planning and evidence tracks to align with the updated supervisory cadence.
ECB Vice-Chair Elderson emphasises operational and geopolitical shock resilience in supervision
ECB
The ECB’s Frank Elderson told the European Parliament that supervisory priorities through 2028 will emphasise resilience to geopolitical and macro-financial shocks as well as operational risk (e.g., cybersecurity). He also reinforced stronger oversight of innovation risks, including AI and digital assets. Elderson stressed that supervisory simplification must not dilute risk-based scrutiny.
Why it matters
This highlights where supervisors will intensify scrutiny - particularly on cyber, third-party risk, and innovation controls. A clearer risk focus aids strategic compliance planning but raises expectations on operational risk governance. It signals that resilience goes beyond capital ratios to include non-financial operational domains.
Bank of England Governor warns shadow banking could threaten financial system
The Times
Bank of England Governor Andrew Bailey said regulators must address risks in the shadow banking sector, warning it could pose systemic threats due to growing scale and opacity. He announced plans for a new stress test of the private markets ecosystem to better understand systemic vulnerabilities. Bailey noted that while traditional banks are resilient, non-bank interconnections require closer monitoring.
Why it matters
A shift of supervisory attention toward shadow banking broadens the perimeter of risk monitoring beyond traditional deposit-taking banks. Systemic risk could be masked if these sectors expand without commensurate oversight. Banks with exposures to market-based finance should prepare for increased scrutiny on indirect risks and interconnected exposures.
EBA completes IRRBB Heatmap work, highlighting EVE/NII and CSRBB issues
EBA
The EBA published its final report on medium-to-long-term objectives under the IRRBB Heatmap initiative, noting progress but ongoing asymmetries in EVE and NII impacts. The report highlighted inconsistent treatment of Credit Spread Risk in the Banking Book across banks. It encourages firms to align approaches and enhance governance.
Why it matters
Interest rate risk in the banking book remains a core balance-sheet vulnerability in a rate-volatile environment. Divergent practices around credit spread risk and hedging governance can prompt regulatory findings and capital add-ons. This underscores the need for robust risk measurement, governance, and consistent methodology.
Bank of England/PRA finalises Basel 3.1 UK rules and confirms implementation timing
BoE/ PRA
The PRA published its final Basel 3.1 package in PS1/26, setting out the calibrated UK approach to the post-crisis Basel reforms. It reconfirms the UK implementation date of 1 January 2027 after a one-year delay agreed with HM Treasury. The policy statement anchors the supervisory baseline for firms in scope.
Why it matters
Basel 3.1 shapes capital calibration, risk-weighted assets, and disclosure norms critical to capital planning and competitiveness. The delayed timeline adds execution risk and cross-border complexity for UK-EU/US operations. It also underlines the need for robust programme management and model
BIS speech warns AI and digital finance can create new financial-stability fault lines
Bank of International Settlements
In a BIS speech in Hong Kong, Tao Zhang warned that rapid adoption of artificial intelligence and digital finance could create new fault lines in financial stability. He highlighted risks from operational fragility, concentration, and common-mode failures where institutions rely on similar models, vendors, or data. The speech also noted that automation and faster market dynamics could amplify stress, arguing that policy and risk frameworks must evolve alongside technological adoption
Why it matters
For GSIBs and DSIBs, AI risk is increasingly viewed not just as a model or operational issue but as a potential systemic risk. Heavy reliance on shared technology stacks and third-party providers heightens correlated failures that are difficult to mitigate through diversification. This raises supervisory expectations for robust AI governance, resilience planning, and clear incident management under a financial-stability lens.
EBA and AMLA complete handover of AML/CFT mandate effective 1 January 2026
EBA
he EBA announced that the new EU Anti-Money Laundering Authority (AMLA) took over AML/CFT supervisory mandates effective 1 January 2026. This structural change centralises oversight of anti-money-laundering supervision in the EU. The transition is intended to strengthen coordinated action and supervisory consistency.
Why it matters
Centralised AML supervision raises expectations for consistent, high-quality controls, reporting, and risk management across large banking groups. AML failures remain a key operational and reputational risk with rapid escalation potential. For international groups, alignment between UK and EU frameworks will be critical to managing compliance risk.
ECB advances climate and nature plan embedding risks into supervision
ECB
The ECB announced deeper integration of climate and nature-related risk considerations across its supervision and policy frameworks. This includes enhanced risk assessment capabilities and scenario analysis tools. The ECB intends to use binding decisions where necessary.
Why it matters
Climate and nature-related risks are now mainstream in euro-area supervisory expectations, with potential direct implications for capital adequacy and risk management. Banks need robust strategies and evidence to satisfy growing supervisory demands. It increases the importance of scenario planning and data quality in climate risk frameworks.
FINMA issues guidance to limit crypto-asset custody risks
FINMA
Switzerland’s regulator FINMA released guidance outlining expectations to limit operational, legal, and control risks linked to crypto-asset custody services. It emphasises firm structure, governance, and risk controls in crypto custody offerings. The guidance aims to protect clients and support supervisory clarity.
Why this matters
As crypto exposures grow, custody operations concentrate operational and compliance risks that could cascade into larger reputational and financial shocks. Regulatory guidance signals enhanced scrutiny and expectations for control environments. This affects UK and global banks offering digital asset services as part of broader risk frameworks.
